Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Is Zoom’s new privacy policy worth a damn? Proceed with caution, experts say

 

It’s a Zoom world, and we’re just living in it — but we may still be handing over our private data in the meantime. Use of the popular videoconferencing app Zoom has spiked as work has moved into people’s homes. According to the New York Times, the app saw 600,000 downloads in one day, and that was two weeks ago when COVID-induced lockdowns were just beginning to take effect. It’s no wonder the app has surged in popularity — it just works. Simply click on a link and have your meeting.

Recommended Videos

However, a recent investigation by Motherboard revealed Zoom’s iOS app was sending some data about users to Facebook, which was not made clear in the app’s privacy policy. Other investigations by The Intercept showed that the calls were not, in fact, end-to-end encrypted as the company claimed. People were inadvertently sharing their location, which device they were using, and advertising identification data. Even New York State Attorney General Letitia James is looking into the company’s privacy practices.

Zoom has since updated its iOS app to stop sending data to Facebook, as well as amended its privacy policy to add “clarifying updates” under the increased glare of media and public scrutiny. Among the changes: The company says “Customer Content” can no longer be used in ads, that video can only be saved at the request of a user, and the company also added details about the data it does collect.

Some experts said Zoom’s new policy does clarify and tighten up previously vague language regarding user data. This change is something the U.K.-based digital rights group ProPrivacy applauded, but still urged caution.

“Zoom is complying with the laws, but it will share your data with Google where it is lawful to do so,” wrote Jo O’Reilly, digital privacy advocate for ProPrivacy. “It does go so far as to point out, though, that this is not a ‘sale’ of your data in the sense that most of us use the word ‘sale’, a clear attempt to shake off the controversy.”

James Carder, the chief security officer of LogRhythm, a security intelligence company, wasn’t sold. “This is fairly boilerplate stuff,” Carder told Digital Trends. “When you read their privacy policy now, it sounds like they’re trying to avoid responsibility and put the onus on the customer. It’s more of a response of ‘hey, we’re doing the right thing! The problem isn’t with us!’”

What’s in Zoom’s new privacy policy

Zoom Meeting
Image used with permission by copyright holder

In a statement to Digital Trends, Zoom said “It’s important to note that the ‘new’ privacy policy does not reflect any changes in our practices, it simply makes clarifying updates to the language” (emphasis theirs). The spokesperson also said that the practice of Zoombombing is “unrelated to the new privacy policy.” Zoombombing is a trolling tactic wherein an unauthorized user will access a Zoom chat that isn’t secured with a password and act in a disruptive manner, for instance by playing an inappropriate, loud video or shouting white supremacist slogans. Zoom said they “strongly encourage hosts to review their settings.”

“The root issue is that people are accessing some form of data that they shouldn’t be accessing,” Carder said. “If I look at them releasing new privacy policy, I don’t think it’s addressing the root issue. I don’t see anything addressing security best practices, or what you could do with meetings that get Zoombombed. And this stuff is happening on every online collaboration platform.”

“When they came under scrutiny, they went back and reworked and clarified the policy dramatically to ease user minds,” said Eve Maler, interim chief technology officer of the a digital identity company ForgeRock. “And they did a good job. But they should have known better.”

Maler said she thought Zoom did a good job addressing some core concerns; compliance with child protection laws and medical privacy laws for instance. But she said she’s seen this “walk of shame” from CEOs before: A company’s lax privacy policy is discovered, the CEO feigns contrition under scrutiny and offers a non-apology statement, and then the policy is changed.

“Customers have gotten more savvy and cynical and privacy sensitive, and regulators have too. Enterprises have to understand that modern data privacy has changed,” Maler said. “We’ve seen enough of these executive ‘walks of shame,’ that they [Zoom] should have known that this would happen in this regulatory environment,”

Maler pointed to another dramatic instance of this exact pattern: Spotify in 2015. The music streaming app’s policy at the time allowed it to pretty much read a user’s entire phone. Users had inadvertently agreed to allow the app to view their Facebook posts, know their location, and see their contacts and photos. Spotify insisted there was a reasonable explanation, but CNN described the policy as “the opposite of private” and “creepy” and under the harsh glare of the media spotlight, the policy was amended.

“We don’t know the true intentions, but we’ve seen this happen before and people rightfully look askance at this exercise of power. Let’s just call it what it is,” Maler said. “They should have known that changing privacy policy in this environment will look like it was motivated by circumstances and newfound popularity. It’s not a good look.”

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Google just gave vision to AI, but it’s still not available for everyone
Gemini Live App on the Galaxy S25 Ultra broadcast to a TV showing the Gemini app with the camera feature open

Google has just officially announced the roll out of a powerful Gemini AI feature that means the intelligence can now see.

This started in March as Google began to show off Gemini Live, but it's now become more widely available.

Read more
This modular Pebble and Apple Watch underdog just smashed funding goals
UNA Watch

Both the Pebble Watch and Apple Watch are due some fierce competition as a new modular brand, UNA, is gaining some serous backing and excitement.

The UNA Watch is the creation of a Scottish company that wants to give everyone modular control of smartwatch upgrades and repairs.

Read more
Tesla, Warner Bros. dodge some claims in ‘Blade Runner 2049’ lawsuit, copyright battle continues
Tesla Cybercab at night

Tesla and Warner Bros. scored a partial legal victory as a federal judge dismissed several claims in a lawsuit filed by Alcon Entertainment, a production company behind the 2017 sci-fi movie Blade Runner 2049, Reuters reports.
The lawsuit accused the two companies of using imagery from the film to promote Tesla’s autonomous Cybercab vehicle at an event hosted by Tesla CEO Elon Musk at Warner Bros. Discovery (WBD) Studios in Hollywood in October of last year.
U.S. District Judge George Wu indicated he was inclined to dismiss Alcon’s allegations that Tesla and Warner Bros. violated trademark law, according to Reuters. Specifically, the judge said Musk only referenced the original Blade Runner movie at the event, and noted that Tesla and Alcon are not competitors.
"Tesla and Musk are looking to sell cars," Reuters quoted Wu as saying. "Plaintiff is plainly not in that line of business."
Wu also dismissed most of Alcon's claims against Warner Bros., the distributor of the Blade Runner franchise.
However, the judge allowed Alcon to continue its copyright infringement claims against Tesla for its alleged use of AI-generated images mimicking scenes from Blade Runner 2049 without permission.
Alcan says that just hours before the Cybercab event, it had turned down a request from Tesla and WBD to use “an icononic still image” from the movie.
In the lawsuit, Alcon explained its decision by saying that “any prudent brand considering any Tesla partnership has to take Musk’s massively amplified, highly politicized, capricious and arbitrary behavior, which sometimes veers into hate speech, into account.”
Alcon further said it did not want Blade Runner 2049 “to be affiliated with Musk, Tesla, or any Musk company, for all of these reasons.”
But according to Alcon, Tesla went ahead with feeding images from Blade Runner 2049 into an AI image generator to yield a still image that appeared on screen for 10 seconds during the Cybercab event. With the image featured in the background, Musk directly referenced Blade Runner.
Alcon also said that Musk’s reference to Blade Runner 2049 was not a coincidence as the movie features a “strikingly designed, artificially intelligent, fully autonomous car.”

Read more